Cloud Security

The concept of “cloud computing” is not well known by most folks. Certainly not the personnel using a vast and growing number of cloud computing applications, without even know it, from business networks. If they don’t know what they are using, then how can they know the information security and privacy risks involved?

In 1975 my father, a doctor, was approached by some entrepreneurs. They had a brilliant idea. They were going to purchase a mainframe computer and sell computing on a timeshare basis to anyone who wanted to connect to it. Charges would be based on compute cycles and applications would be provided pre-loaded. Sound familiar? That was cloud computing. Today’s clou...

Scammers have been devising ways to ride on someone else's coattails since the dawn of time. With every new technology they find another way to make money from nothing. Today I am going to highlight a method that involves Twitter, Yahoo!, and Google AdSense.

Cloud computing has become a huge ‘buzz-phrase’ in last few years, but you’d be forgiven for not knowing what the term actually means indeed. Different people interpret “cloud computing” in different ways. That’s the dilemma because computing “in the cloud” may be important for you and your organization, but if it’s not clear what it actually m...

Remember the gentleman in the commercial for Hair Club for men who said “I'm not only the President, but I'm a customer”? While there are days when the hair club tempts me, it is security solutions that my company, Media Sourcery, provides. And, like many of Infosec Island's members, the information, data and documents that we exchange with our customers are proprietary, confidential a...

Last week Google announced that it was the victim of a hack in China. Word of the attack spread quickly and the German, French and Australian governments issued warnings about using internet Explorer. I'm amazed that this incident has not received more commentary from the privacy and security communities. Is this not the most serious data privacy breach in a search engine’s histo...

The lure of virtualization is clear. From the business perspective, it means faster time-to-market for new technology enabled services and a strong foundation for new strategic initiatives, such as cloud computing. For technology organizations, virtualization promises faster server provisioning, increased hardware utilization, and lower costs for disaster recovery (DR).

Using SSL to secure all websites may seem like an odd choice; most websites contain no "nuggets" worth taking, SSL apparently slows the page load time (especially on over provisioned hosting platforms), and it's not clear if doing so will kibosh any search engine optimizations.

Like many other Wave-wannabes, I am also awaiting an invite from Google to try out their all-in-one communication solution Google Wave. But I have my trepidations: over making my private work public, over opening up for comment work that is still being worked out, over messing up “my thoughts” with a thousand other theories, over starting something with the full knowledge that it could...

The problem with the cloud is that it can evaporate leaving no trace behind! The weekend thunderbolt that hit over a million subscribers of T-Mobile Sidekick, operated by the Microsoft subsidiary, Danger Inc in the US, is standing testimony to the whimsical nature of cloud computing.

Cloud computing is a rapidly growing phenomena that is being evaluated by companies of all sizes. Though it has many positives, much of corporate America is not yet ready to accept migrating major applications to the cloud until concerns about security, privacy, and reliability are addressed.

Since the last blog there has been a steady stream of news about more security threats originating at web sites, particularly from social networking sites. Profit motive appears to be the primary intent of the threats. The methodology is committing identity theft for profit. Below are a sample of four web based news articles to which I refer:

Over the last two weeks security news reports identify social networking sites as distribution points for malware of all sorts and flavours and as botnets for distributing more of the same. In addition, site users seem enthusiastic to reveal personal information to those who would gladly accept the information for purposes of identity theft